Potential Security Breach on Princess Website

[Cruisintimer]

4 hours ago, Treasure Hunter said:

Do you think it’s possible to double sell a room. Sort of like the three Bears and Goldilocks. Could you arrive at your room and find another person there?

Has happened on other lines, not sure if it has happened on Princess.

[Cruisintimer]

4 hours ago, twotravelersfromflorida said:

I just looked at the cruise we are taking in December to see if friends could still book and found the room we are booked in listed as available.  If I log in to the site and go to my booking, it shows the room as ours, yet I then checked for new bookings and my room still shows as available.  Anyone else found this issue?

Hope you get a great upgrade 🙂

[HaveDogWillTravel]

1 hour ago, HaveDogWillTravel said:

First it is an issue with authentication for access. Then it could become a breach if bad people find out and steal information.  The first thing Adam did when I told him is he checked multiple sites ( twitter was one but he uses some I’ve never heard of but tech geeks use) and said he didn’t see any postings there.  He said that was good but of course no guarantee that hackers didn’t take advantage of the flaws. So we don’t know if our data was breached or not. And Princess may not know yet. 

I need to correct myself. Since other Princess pax (at least) were able to access pax info other than their own, it means there’s been a breach. I was only thinking about bad people breaches. 

[Teechur]

6 hours ago, JamieLogical said:

 

But that AT&T breach didn't include any PII. It just included information about which phone numbers called/texted other phone numbers. No names, credit card info, SS numbers, passport numbers, etc. Also, just because the breach happened a year ago doesn't mean that's when the knew it happened. They could have found out about it much later, whereas Princess clearly knows that this incident happened it is all over social media and they have taken down their login services several times as they have worked to resolve it.

When I was connected to someone else's account, it showed their name, itinerary, booking number, and ship. It didn't show me any of the other items on your list.

[Kay S]

6 hours ago, HaveDogWillTravel said:

 Princess IT could seriously be 3 people who are completely overwhelmed.

You might be overestimating the size of the department. ☺️

[90scruzer]

On 7/25/2024 at 11:06 AM, Cruising Lynne said:

This is very scary. Others have said that data breaches happen all the time, but I have never had one where so many random people can see such personal info. I am having regrets about booking a Princess cruise. I will be a one and done!

If you live like this, you will have to go Ted Kazinski and move to the woods off-grid and self-sufficient.   breaches are happening every day - some of which are never detected, and others take a long time to notice (average time to detect is 204 days!)

 

The issue is that no one actually listens nor cares to protect the victims.   Oh they will try to foist credit monitoring or some other limited value method to protect your information on you, but the fact is -- after the first breach, you are one-and-done (for the "good ones" anyways).   all the others do not matter.    And if you were not looking, Equifax's breach was reportedly for 143 million people.   That's about 1/2 of America -- if we count all the people.  If we assume the 70 million children (sub 18) didn't have info to be breached, you get closer to 2/3rds of all Americans.   And the info that was leaked is much, much worse than anything the cruise lines will ever have on you.    The only significant protection we could see is that SSA publishes all names and numbers, forcing all companies to stop pretending that your SSN is secret.   If you live in the 2020s, just assume you have been breached.   Only a few people (those with no digital footprint) would escape, and I presume that number is negligible.  Barring this unlikely approach, credit monitoring for the remainder of your life + 25 years.   

 

So please, take a breath, and calm down - the sky fell long ago and it sounds like you are still doing OK.

 

Of course if you live in the EU with stronger protections, you may have further remedies, but the fact remains that Equifax's breach was (in my thinking at least) orders of magnitude worse.   Not that I like it any better, but just trying to educate you and hopefully prevent you from making a rash decision.   

[Kay S]

1 hour ago, 90scruzer said:

If you live like this, you will have to go Ted Kazinski and move to the woods off-grid and self-sufficient.     

Okay, but he was good at math. 😝

[dog]

For those giving Calm down advice- Why don’t we just wait and see what the fall out ends up being.

 

[stewart_oz]

1 hour ago, dog said:

For those giving Calm down advice- Why don’t we just wait and see what the fall out ends up being.

 

The silence from princes is deafening

They need to respond. 

[Aggie83]

14 hours ago, JamieLogical said:

 

But that AT&T breach didn't include any PII. It just included information about which phone numbers called/texted other phone numbers. No names, credit card info, SS numbers, passport numbers, etc. Also, just because the breach happened a year ago doesn't mean that's when the knew it happened. They could have found out about it much later, whereas Princess clearly knows that this incident happened it is all over social media and they have taken down their login services several times as they have worked to resolve it.

Don't underestimate the value of the AT&T data stolen or the many ways that data can be used for nefarious purposes. I have no doubt that, at a minimum, the AT&T data will be merged with PII data that was stolen from somewhere else. And that is just the start. It could take some time before the AT&T data is exploited, but I'm sure it will happen. Today's computers make data crunching and analyzing data so much easier and faster.

[90scruzer]

25 minutes ago, stewart_oz said:

The silence from princes is deafening

They need to respond. 

 Indeed, and there are jurisdictions (eg. California) that mandate that they respond in short periods of time.  In CA that is 15 days.   The interesting part is that the EU mandates not more than 72 hours -- so I would have expected something already.  In fact, they may already have started sending out these notifications by snail mail.   

 

   

[dog]

I don’t think this is related, but be aware of phone scams since there was access to our phone numbers etc.

 

 last week I got a call on my cellphone ( unlisted) from unknown caller- said he was Police- asked me if I still lived at that address.  I said I don’t give out personal information and asked what he wanted. He repeated the question- I told him I was calling the police as this appears to be a scam.

 

Also:

I have not got a response from Princess from reporting that I had access to other passenger’s personalizer.

[dog]

3 hours ago, stewart_oz said:

The silence from princes is deafening

They need to respond. 

Try contacting them.

I did when I was in someone else’s personalizer.

 

No response.

[dog]

5 hours ago, dog said:

For those giving Calm down advice- Why don’t we just wait and see what the fall out ends up being.

 

By this I mean this is serious.  Of course some of us are worried. Just don’t put down others for saying they are worried or won’t book with princess etc.  

Be kind.

 

[JG&Lcruisingnewbies]

9 hours ago, 90scruzer said:

 Indeed, and there are jurisdictions (eg. California) that mandate that they respond in short periods of time.  In CA that is 15 days.   The interesting part is that the EU mandates not more than 72 hours -- so I would have expected something already.  In fact, they may already have started sending out these notifications by snail mail.   

 

   

 

it’s not more than 72 hours to report it to the Information Commisioner office (ICO) that uphold our Data Protection Act and dish out substantial fines

 

when it comes to the ICO the coverup is always worse than the crime. They better hope they have responded in time and in full. Or they could be looking at a far bigger fine than the settlement reached in the US a few years ago. That on top of any further legal action.

 

Now the UK & other European Lawyers for Princess will be stressing over the wording of the email they have to send out. 
 

any email could take a few weeks. But they can’t just sit on it & do nothing or do things too slow.

 

(Husband is a Data specialist in the UK & looks after the UK branch database for a large international company. They have a healthy fear of the ICO)

 

basic rules of data breach response in the UK, below

 

 

 

[MsSoCalCruiser]

6 hours ago, dog said:

I don’t think this is related, but be aware of phone scams since there was access to our phone numbers etc.

 

 last week I got a call on my cellphone ( unlisted) from unknown caller- said he was Police- asked me if I still lived at that address.  I said I don’t give out personal information and asked what he wanted. He repeated the question- I told him I was calling the police as this appears to be a scam.

 

Also:

I have not got a response from Princess from reporting that I had access to other passenger’s personalizer.

Send Princess an Instagram message and they will respond. 

[MsSoCalCruiser]

Is it safe to log onto our Personalizer’s again? 

[dog]

25 minutes ago, MsSoCalCruiser said:

Send Princess an Instagram message and they will respond. 

Did, ‘ fb private message, on app at bottom gave feedback and customer relations. No responses.

 

i am able to log in and all is fine with my account so far this morning.

[dog]

Nothing new- google Princess cruises data breach.  Several times mentioned in the past.  Nothing yet about this one yet.

[azbirdmom]

38 minutes ago, dog said:

Did, ‘ fb private message, on app at bottom gave feedback and customer relations. No responses.

 

If I'm reading that right the official FB page for Princess does not allow PMs, they've disabled that feature.  Are you sure that you didn't use one of the many fan pages out there?  Would strongly recommend that you send what you have to the management group listed on elliott.org.  That should get a response.

[Cruisintimer]

15 hours ago, Kay S said:

Okay, but he was good at math. 😝

You have a great sense of humor, enjoying your posts!

[dog]

34 minutes ago, azbirdmom said:

If I'm reading that right the official FB page for Princess does not allow PMs, they've disabled that feature.  Are you sure that you didn't use one of the many fan pages out there?  Would strongly recommend that you send what you have to the management group listed on elliott.org.  That should get a response.

messenger I think it is called.

no, I do not post on fb pages in forums

 

Anyway, all I could do about reporting it I did and got out of other passengers accounts quickly.

Edited July 29 by dog

[Wishing on a star]

I am also wondering if this problem is still going on?

After reading one comment here, I want to go pull up our account, and check the cabin we have booked.

[90scruzer]

6 hours ago, Wishing on a star said:

I am also wondering if this problem is still going on?

After reading one comment here, I want to go pull up our account, and check the cabin we have booked.

Everything I've heard is that it's back to working properly -- I've logged in a couple of times and it's always my account (not that this is 100% confirmation!)

[roomba920]

Their website has been up and down for a week.